VirSCAN

1, You can upload any file, but there is a 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.

File information

Basic Information

MD5: f3acc06892bef81bb6bea9b2f5a37b5d
file type: EXE
Production company: 天晴数码娱乐
version: 1.0.0.0---1.0.0.0
Shell or compiler information: COMPILER:Borland Delphi 6.0 - 7.0 [Overlay]
Subfile information: TQAnp.dll / 5a8ea9f97d9e1ef5c956c4b760f21caa / DLL

Key behavior

Behavior description: Set special folder attributes
details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012017072020170721
Behavior description: Find PE resource information
details: (FindResourceA) hModule = 0x00400000, ResName: 7zip_library, ResType:
Behavior description: Get TickCount value
details: TickCount = 252562, SleepMilliseconds = 250.

File behavior

Behavior description: Create file
details: C:\Documents and Settings\Administrator\Local Settings\%temp%\InstallTmp\Config.7z
C:\Documents and Settings\Administrator\Local Settings\%temp%\InstallTmp\Config.txt
C:\Documents and Settings\Administrator\Local Settings\%temp%\InstallTmp\Readme.7z
C:\Documents and Settings\Administrator\Local Settings\%temp%\InstallTmp\Readme.txt
C:\Documents and Settings\Administrator\Local Settings\%temp%\InstallTmp\Logo.7z
C:\Documents and Settings\Administrator\Local Settings\%temp%\InstallTmp\阿拉伯a1.bmp
C:\Documents and Settings\Administrator\Local Settings\%temp%\InstallTmp\Language.7z
C:\Documents and Settings\Administrator\Local Settings\%temp%\InstallTmp\Enlish.ini
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012017072020170721\index.dat
Behavior description: Delete file
details: C:\Documents and Settings\Administrator\Local Settings\%temp%\InstallTmp\Config.7z
C:\Documents and Settings\Administrator\Local Settings\%temp%\InstallTmp\Config.txt
C:\Documents and Settings\Administrator\Local Settings\%temp%\InstallTmp\Readme.7z
C:\Documents and Settings\Administrator\Local Settings\%temp%\InstallTmp\Logo.7z
C:\Documents and Settings\Administrator\Local Settings\%temp%\InstallTmp\Language.7z
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016091220160913\index.dat
Behavior description: Set special folder attributes
details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012017072020170721
Behavior description: Modify file content
details: C:\Documents and Settings\Administrator\Local Settings\%temp%\InstallTmp\Config.7z ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\InstallTmp\Config.txt ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\InstallTmp\Readme.7z ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\InstallTmp\Readme.txt ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\InstallTmp\Logo.7z ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\InstallTmp\阿拉伯a1.bmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\InstallTmp\Language.7z ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\InstallTmp\Enlish.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012017072020170721\index.dat ---> Offset = 0
Behavior description: Find file
details: FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\InstallTmp\Config.txt
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\InstallTmp\Readme.txt
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\InstallTmp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\InstallTmp\阿拉伯a1.bmp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\InstallTmp\Enlish.ini
FileName = C:\Documents and Settings\Administrator\Local Settings\History
FileName = C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016091220160913\*.*
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\InstallTmp\*.*

Registry behavior

Behavior description: Modify registry
details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017072020170721\CachePath
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017072020170721\CachePrefix
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017072020170721\CacheLimit
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017072020170721\CacheOptions
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017072020170721\CacheRepair
Behavior description: Delete registry key
details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016091220160913\

Other behavior

Behavior description: Get cursor position
details: CursorPos = (80,18468), SleepMilliseconds = 250.
Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Local\!PrivacIE!SharedMemory!Mutex
_!SHMSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!history!history.ie5!mshist012017072020170721!
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.ICL
Behavior description: Create event object
details: EventName = MSCTF.SendReceive.Event.ICL.IC
EventName = MSCTF.SendReceiveConection.Event.ICL.IC
Behavior description: Window information
details: Pid = 2852, Hwnd=0x10370, Text = <Conquer>Destination Folder:, ClassName = TStaticText.
Pid = 2852, Hwnd=0x1036e, Text = Exit(&E), ClassName = TButton.
Pid = 2852, Hwnd=0x1036c, Text = Start(&I), ClassName = TButton.
Pid = 2852, Hwnd=0x40362, Text = <Conquer> GAME UPDATE, ClassName = TNdZipSfxFrm.
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [MS_WINHELP,]
Behavior description: Open event
details: HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Get TickCount value
details: TickCount = 252562, SleepMilliseconds = 250.
Behavior description: Adjust process token privileges
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Enumerate windows
details: N/A
Behavior description: Find PE resource information
details: (FindResourceA) hModule = 0x00400000, ResName: 7zip_library, ResType:
Behavior description: Call Sleep function
details: [1]: MilliSeconds = 250.
Behavior description: Hide specified window
details: [Window,Class] = [<Conquer> GAME UPDATE,TNdZipSfxFrm]
[Window,Class] = [,Internet Explorer_Server]
Behavior description: Open mutex
details: ShimCacheMutex
Local\WininetStartupMutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
Local\!IETld!Mutex
CtfmonInstMutexDefaultS-*
_!SHMSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!history!history.ie5!mshist012017072020170721!
